PCI DSS

Payment Card Industry – Data Security Standard (PCI DSS v3.2)

The Payment Card Industry is a private industry group set up by the major credit card companies to define standards for companies that process credit card transactions. The Data Security Standard was defined to prevent credit card fraud, hacking and other security issues. A company processing, storing, or transmitting credit card numbers must be PCI DSS compliant or it risks losing the ability to process credit card payments. The PCI DSS includes requirements covering network security, data protection, vulnerability management, access control, monitoring and testing, and information security.

According to the PCI Data Security Standard, an organization must be able to monitor, report, and alert on attempted or successful access to systems and data security for those applications that contain sensitive cardholder data. The standard explicitly calls for the collection and monitoring of event logs.

Collect log data from antivirus solutions and alarm on detected malware and compromises in the cardholder data environment.

Identifies operational errors from antivirus and antimalware applications, detects and incorporates new signatures, and alerts on malware detected within the cardholder data environment.

PCI DSS 6: Develop and Maintain Secure Systems and Applications.

Collect and alarm on detected vulnerabilities and software update activity to help organizations develop and maintain secure systems and applications.

Monitors and reports on whether and when critical patches are installed, and reports on the security posture of commercial, custom and web applications in conjunction with other security devices.

PCI DSS 7: Restrict Access to Cardholder Data by Business Need to Know.

Monitor access privilege assignments and suspicious data accesses.

Collects relevant data from access control systems, monitoring and validating access to cardholder data and system components through account creation, object access, and privilege assignment and revocation.

PCI DSS 8: Identify and Authenticate Access to System Components.

Identify shared account usage in the network, including non-obvious accounts with more than one user.

Reports on all user-account activity from account creation and activity to account removal. Alarming on default and shared account usage provides real-time validation.
